Merge branch 'master' into condiscon

d98f7e33 · Sietse Ringers · a0660056 · 7a4a04f9 · d98f7e33 · d98f7e33
Commit d98f7e33 authored Jun 12, 2019 by Sietse Ringers
--- a/descriptions.go
+++ b/descriptions.go
@@ -18,6 +18,7 @@ type SchemeManager struct {
 	URL               string           `xml:"Url"`
 	Contact           string           `xml:"contact"`
 	Description       TranslatedString
+	MinimumAppVersion SchemeAppVersion
 	KeyshareServer    string
 	KeyshareWebsite   string
 	KeyshareAttribute string
@@ -32,6 +33,11 @@ type SchemeManager struct {
 	index SchemeManagerIndex
 }

+type SchemeAppVersion struct {
+	Android int `xml:"Android"`
+	IOS     int `xml:"iOS"`
+}
+
 // Issuer describes an issuer.
 type Issuer struct {
 	ID              string           `xml:"ID"`

--- a/internal/servercore/api.go
+++ b/internal/servercore/api.go
@@ -111,8 +111,8 @@ func (s *Server) verifyConfiguration(configuration *server.Configuration) error
 		}
 		for _, file := range files {
 			filename := file.Name()
-			if filepath.Ext(filename) != ".xml" && strings.Count(filename, ".") != 3 {
-				s.conf.Logger.Infof("Skipping non-private key file %s encountered in private keys path", filename)
+			if filepath.Ext(filename) != ".xml" || filename[0] == '.' || strings.Count(filename, ".") != 2 {
+				s.conf.Logger.WithField("file", filename).Infof("Skipping non-private key file encountered in private keys path")
 				continue
 			}
 			issid := irma.NewIssuerIdentifier(strings.TrimSuffix(filename, filepath.Ext(filename))) // strip .xml

--- a/irmaclient/client.go
+++ b/irmaclient/client.go
@@ -838,7 +838,7 @@ func (client *Client) keyshareEnrollWorker(managerID irma.SchemeManagerIdentifie
 	}

 	transport := irma.NewHTTPTransport(manager.KeyshareServer)
-	kss, err := newKeyshareServer(managerID, manager.KeyshareServer)
+	kss, err := newKeyshareServer(managerID)
 	if err != nil {
 		return err
 	}
@@ -882,7 +882,7 @@ func (client *Client) KeyshareVerifyPin(pin string, schemeid irma.SchemeManagerI
 		}
 	}
 	kss := client.keyshareServers[schemeid]
-	return verifyPinWorker(pin, kss, irma.NewHTTPTransport(kss.URL))
+	return verifyPinWorker(pin, kss, irma.NewHTTPTransport(scheme.KeyshareServer))
 }

 func (client *Client) KeyshareChangePin(manager irma.SchemeManagerIdentifier, oldPin string, newPin string) {
@@ -900,7 +900,7 @@ func (client *Client) keyshareChangePinWorker(managerID irma.SchemeManagerIdenti
 		return errors.New("Unknown keyshare server")
 	}

-	transport := irma.NewHTTPTransport(kss.URL)
+	transport := irma.NewHTTPTransport(client.Configuration.SchemeManagers[managerID].KeyshareServer)
 	message := keyshareChangepin{
 		Username: kss.Username,
 		OldPin:   kss.HashedPin(oldPin),

--- a/irmaclient/keyshare.go
+++ b/irmaclient/keyshare.go
@@ -54,7 +54,6 @@ type keyshareSession struct {
 }

 type keyshareServer struct {
-	URL                     string `json:"url"`
 	Username                string `json:"username"`
 	Nonce                   []byte `json:"nonce"`
 	SchemeManagerIdentifier irma.SchemeManagerIdentifier
@@ -127,13 +126,9 @@ const (
 	kssPinError       = "error"
 )

-func newKeyshareServer(
-	schemeManagerIdentifier irma.SchemeManagerIdentifier,
-	url string,
-) (ks *keyshareServer, err error) {
+func newKeyshareServer(schemeManagerIdentifier irma.SchemeManagerIdentifier) (ks *keyshareServer, err error) {
 	ks = &keyshareServer{
 		Nonce: make([]byte, 32),
-		URL:   url,
 		SchemeManagerIdentifier: schemeManagerIdentifier,
 	}
 	_, err = rand.Read(ks.Nonce)
@@ -194,12 +189,13 @@ func startKeyshareSession(
 	}

 	for managerID := range session.Identifiers().SchemeManagers {
-		if !ks.conf.SchemeManagers[managerID].Distributed() {
+		scheme := ks.conf.SchemeManagers[managerID]
+		if !scheme.Distributed() {
 			continue
 		}

 		ks.keyshareServer = ks.keyshareServers[managerID]
-		transport := irma.NewHTTPTransport(ks.keyshareServer.URL)
+		transport := irma.NewHTTPTransport(scheme.KeyshareServer)
 		transport.SetHeader(kssUsernameHeader, ks.keyshareServer.Username)
 		transport.SetHeader(kssAuthHeader, "Bearer "+ks.keyshareServer.token)
 		transport.SetHeader(kssVersionHeader, "2")
@@ -372,7 +368,8 @@ func (ks *keyshareSession) GetCommitments() {
 		comms := &proofPCommitmentMap{}
 		err := transport.Post("prove/getCommitments", comms, pkids[managerID])
 		if err != nil {
-			if err.(*irma.SessionError).RemoteError.Status == http.StatusForbidden && !ks.pinCheck {
+			if err.(*irma.SessionError).RemoteError != nil &&
+				err.(*irma.SessionError).RemoteError.Status == http.StatusForbidden && !ks.pinCheck {
 				// JWT may be out of date due to clock drift; request pin and try again
 				// (but only if we did not ask for a PIN earlier)
 				ks.pinCheck = false

--- a/irmaconfig.go
+++ b/irmaconfig.go
@@ -1279,13 +1279,21 @@ func (conf *Configuration) UpdateSchemeManager(id SchemeManagerIdentifier, downl
 	return
 }

-func (conf *Configuration) updateSchemes() error {
+func (conf *Configuration) UpdateSchemes() error {
+	updated := IrmaIdentifierSet{
+		SchemeManagers:  map[SchemeManagerIdentifier]struct{}{},
+		Issuers:         map[IssuerIdentifier]struct{}{},
+		CredentialTypes: map[CredentialTypeIdentifier]struct{}{},
+	}
 	for id := range conf.SchemeManagers {
 		Logger.WithField("scheme", id).Info("Auto-updating scheme")
-		if err := conf.UpdateSchemeManager(id, nil); err != nil {
+		if err := conf.UpdateSchemeManager(id, &updated); err != nil {
 			return err
 		}
 	}
+	if !updated.Empty() {
+		return conf.ParseFolder()
+	}
 	return nil
 }

@@ -1294,7 +1302,7 @@ func (conf *Configuration) AutoUpdateSchemes(interval uint) {

 	conf.scheduler = gocron.NewScheduler()
 	conf.scheduler.Every(uint64(interval)).Minutes().Do(func() {
-		if err := conf.updateSchemes(); err != nil {
+		if err := conf.UpdateSchemes(); err != nil {
 			Logger.Error("Scheme autoupdater failed: ")
 			if e, ok := err.(*errors.Error); ok {
 				Logger.Error(e.ErrorStack())

--- a/server/irmad/cmd/root.go
+++ b/server/irmad/cmd/root.go
@@ -116,7 +116,7 @@ func setFlags(cmd *cobra.Command, production bool) error {
 	flags.String("client-listen-addr", "", "address at which server for IRMA app listens")
 	flags.Lookup("port").Header = `Server address and port to listen on`

-	flags.Bool("no-auth", !production, "whether or not to authenticate requestors")
+	flags.Bool("no-auth", !production, "whether or not to authenticate requestors (and reject all authenticated requests)")
 	flags.String("requestors", "", "requestor configuration (in JSON)")
 	flags.StringSlice("disclose-perms", nil, "list of attributes that all requestors may verify (default *)")
 	flags.StringSlice("sign-perms", nil, "list of attributes that all requestors may request in signatures (default *)")